<virtual-mta marketing> source 192.168.1.10 max-smtp-out 50 dns-timeout 30 bounce-log /var/log/powermta/bounce-marketing.log </virtual-mta> <virtual-mta transactional> source 192.168.1.11 max-smtp-out 200 bounce-log /var/log/powermta/bounce-transactional.log </virtual-mta> 5.1 Domain-Specific Throttling Prevent overloading a single domain (e.g., Gmail, Yahoo).
<domain *> # Default for all domains max-smtp-out 5 max-msg-rate 100/h use-starttls if-available </domain> Gradually increase volume per source IP. powermta configuration guide
<source 192.168.1.10> process-x-remote-mta-ip yes always-use-mx yes max-smtp-out 100 use-starttls if-available </source> <source 192.168.1.11> virtual-mta primary # Assign to a Virtual MTA </source> Isolate traffic types (e.g., marketing vs transactional). <virtual-mta marketing> source 192
<domain gmail.com> max-smtp-out 20 # Concurrent connections to Gmail max-msg-rate 1000/h # Messages per hour use-starttls yes require-starttls no </domain> <domain yahoo.com> max-smtp-out 15 max-msg-rate 800/h </domain> <domain gmail
http-mgmt-port 8080 http-mgmt-interface 127.0.0.1 Always validate config before reload:
openssl genrsa -out /etc/powermta/keys/example-dkim.key 2048 openssl rsa -in example-dkim.key -pubout -out example-dkim.pub # Add public key to DNS: mail._domainkey TXT "v=DKIM1; k=rsa; p=..." <domain example.com> bounce-domain bounces.example.com # VERP bounces spf-identity mfrom # Use MAIL FROM for SPF </domain> 6.3 IP Restrictions (Inbound Relay) <accepted-connect 127.0.0.1> allow-submission yes require-auth no </accepted-connect> <accepted-connect 10.0.0.0/8> allow-submission yes require-auth yes auth-plain /etc/powermta/passwd </accepted-connect> 7. Logging & Monitoring 7.1 Delivery Log Format log-format-extended "mail.log" "%ts %d %r %s %S %T %p %b %B" # Fields: timestamp, domain, recipient, status, size, time, IP, bounce, message-id 7.2 Bounce Processing bounce-log /var/log/powermta/bounce.log bounce-category-log /var/log/powermta/bounce-category.log permanent-bounce-after 7d # Suppress after 7 days of soft bounces 7.3 HTTP API & SNMP http-mgmt-port 8080 http-mgmt-interface 0.0.0.0 http-mgmt-auth /etc/powermta/htpasswd snmp-port 161 snmp-community public
Start & enable:
<virtual-mta marketing> source 192.168.1.10 max-smtp-out 50 dns-timeout 30 bounce-log /var/log/powermta/bounce-marketing.log </virtual-mta> <virtual-mta transactional> source 192.168.1.11 max-smtp-out 200 bounce-log /var/log/powermta/bounce-transactional.log </virtual-mta> 5.1 Domain-Specific Throttling Prevent overloading a single domain (e.g., Gmail, Yahoo).
<domain *> # Default for all domains max-smtp-out 5 max-msg-rate 100/h use-starttls if-available </domain> Gradually increase volume per source IP.
<source 192.168.1.10> process-x-remote-mta-ip yes always-use-mx yes max-smtp-out 100 use-starttls if-available </source> <source 192.168.1.11> virtual-mta primary # Assign to a Virtual MTA </source> Isolate traffic types (e.g., marketing vs transactional).
<domain gmail.com> max-smtp-out 20 # Concurrent connections to Gmail max-msg-rate 1000/h # Messages per hour use-starttls yes require-starttls no </domain> <domain yahoo.com> max-smtp-out 15 max-msg-rate 800/h </domain>
http-mgmt-port 8080 http-mgmt-interface 127.0.0.1 Always validate config before reload:
openssl genrsa -out /etc/powermta/keys/example-dkim.key 2048 openssl rsa -in example-dkim.key -pubout -out example-dkim.pub # Add public key to DNS: mail._domainkey TXT "v=DKIM1; k=rsa; p=..." <domain example.com> bounce-domain bounces.example.com # VERP bounces spf-identity mfrom # Use MAIL FROM for SPF </domain> 6.3 IP Restrictions (Inbound Relay) <accepted-connect 127.0.0.1> allow-submission yes require-auth no </accepted-connect> <accepted-connect 10.0.0.0/8> allow-submission yes require-auth yes auth-plain /etc/powermta/passwd </accepted-connect> 7. Logging & Monitoring 7.1 Delivery Log Format log-format-extended "mail.log" "%ts %d %r %s %S %T %p %b %B" # Fields: timestamp, domain, recipient, status, size, time, IP, bounce, message-id 7.2 Bounce Processing bounce-log /var/log/powermta/bounce.log bounce-category-log /var/log/powermta/bounce-category.log permanent-bounce-after 7d # Suppress after 7 days of soft bounces 7.3 HTTP API & SNMP http-mgmt-port 8080 http-mgmt-interface 0.0.0.0 http-mgmt-auth /etc/powermta/htpasswd snmp-port 161 snmp-community public
Start & enable:
